Whose Data is it Anyway?

Before reading this article I just need you to tick this box agreeing to my privacy policy

Good, we can proceed. However, did you actually know what you were agreeing to when you accepted any website or documents terms and conditions or privacy policy, did you know how they were going to use whatever data you were going to provide?

As individuals we create increasing amounts of personal data, this data can be hugely valuable to businesses allowing them to turn your raw data into valuable business information. Businesses use information you provide to target both you and people from similar backgrounds with whatever product they happen to be marketing.

The interesting question is who actually owns the data we provide. Who is responsible for the data we supply? In general, people naturally assume that businesses own this data and will protect it and use it responsibly. However as we’ve seen recently this is not always the case.

Recent data breaches, with Experian in the USA being a recent example, have shown that our personal information is not always as safe as we would like to hope. We get no visibility of how our data is being used, protected or what is done with it after we willingly supply it. With constant and increasing numbers of data breaches our data becomes more vulnerable. Remember data is more valuable than oil.

There are many example of data misuse, ranging from nuisance phone calls, spam mails and unsolicited post. However, this may all be about to change. Under the forthcoming GDPR regulations businesses will become simply custodians of my data.

It’s important for organisations to realise that IT departments do not own the data, they simply provide the infrastructure to allow access to data through a series of applications. The business is responsible for the data held, and to continue to get value from it they will have to treat it differently going forward.

Businesses will need to become more transparent in their dealing with external customers, through showing what data is held, and even why it remains held, either through showing agreement to allow data to be held verbally or through the dreaded tick box.

Inevitably this will lead to a change in business processes, which is why at Computacenter we have seen a rise in demand for data masking and Anonymisation. This allows organisations to translate their data held into valuable information without the risk of items being personally identifiable.

Possibly the most important thing for businesses to do over the coming months is to start to understand what data they have, what is valuable to them and can be translated to Information, what new or existing sources of data they have and how they treat it to ensure regulatory compliance.

My data belongs to me now, I may let organisations use it in return for a service I deem of value but ultimately it is personal and belongs to me.